用python做 syn scan

但是这个速度实在是太感人了，有没有优化的方案？不想写C的

代码如下:

#coding: utf-8

import threading,time,os,argparse,subprocess,re,platform

from scapy.all import *

def port_service(port):

return port_dict[port] if port in port_dict else 'Unknown'

def send_syn(ip,port):

send(IP(dst=ip)/TCP(dport=port,sport=RandShort(),flags=2),verbose=False)

def get_ip_address(iface):

if os.name=='posix':

ipre = '%s.*?inet.*?(([0-9]{1,3}\.){3}[0-9]{1,3})'%iface

ipconfig_process = subprocess.Popen("ifconfig", stdout=subprocess.PIPE)

else:

ipre = 'IPv4.*?(([0-9]{1,3}\.){3}[0-9]{1,3})'%iface

ipconfig_process = subprocess.Popen("ipconfig", stdout=subprocess.PIPE)

output = ipconfig_process.stdout.read()

ip_pattern = re.compile(ipre,re.S)

result=ip_pattern.search(output.decode('utf-8'))

if len(result.groups())==2:

return result.group(1)

def catcher(packet):

global result_dict

ip=packet.getlayer(IP).src

port=packet.getlayer(TCP).sport

if ip in result_dict:

result_dict[ip]['count']+=1

result_dict[ip]['ports'].append(port)

else:

result_dict[ip]={"count":1,"ports":[port]}

print("[+] IP %s | Port %s "%(ip,port))

def sniffer(iface,userIp,targetIpList):

print("[*] Get your ip %s in iface %s , Simple Sniffer starting ......."%(userIp,iface))

fs="".join(["src %s or "%stip for stip in targetIpList])

sniff(iface=iface, filter='tcp and dst %s and tcp[13:1] & 18==18 and (%s)'%(userIp,fs[:len(fs)-3]), prn=catcher)

if __name__ == '__main__':

port_dict={

19:'CG',

21:'FTP',

22:'SSH',

23:'TELNET',

25:'SMTP',

31:'MSG',

53:'DNS',

67:'BPS',

80:'HTTP',

110:'POP3',

443:'HTTPS',

1433:'Microsoft SQL Server',

1521:'Oracle DataBase',

1863:'MSN Message',

1883:'MQTT',

2181:'ZooKeeper',

3306:'Mysql Server',

3389:'Miscrosoft RDP',

4000:'Tencent QQ Client',

5000:'DB2',

6379:'Redis',

8000:'Tencent OICQ',

8080:'Http WWW Proxy',

8161:'Activemq Jetty Service',

11211:'Memcached',

27017:'MongoDB',

61616:'Activemq JMS'

}

result_dict={}

threads=[]

parser=argparse.ArgumentParser(description="PortScanner Via MultiThread , MultiProcess and Coroutine version you can find in the same repository .")

parser.add_argument('-i','--ip_list',dest='ip_list',required=True,type=str,help='Privider the IP list for scan , use "," to split each ip.')

parser.add_argument('-n','--net_iface',dest='net_iface',required=True,type=str,help='Privider the net work iface , i will get you ip.')

parser.add_argument('-r','--if_show',action='store_false',dest='if_show',default=True,help='Design if show the result after ports scan complete .')

parser.add_argument('-p','--if_print',action='store_false',dest='if_print',default=False,help='Design if print the result while scaning the open port')

args=parser.parse_args()

ip_list=args.ip_list.split(',')

if_show=args.if_show

if_print=args.if_print

iface = args.net_iface

userIP = get_ip_address(iface)

if userIP is None:

print('[!] Can not ge ip from iface : %s'%iface)

os._exit(1)

sniffer_thread=threading.Thread(target=sniffer,args=(iface,userIP,ip_list))

sniffer_thread.start()

time.sleep(0.2)

for ip in ip_list:

for port in range(1,65535):

t=threading.Thread(target=send_syn,args=(ip,port,))

threads.append(t)

t.start()

for t in threads:

t.join()

time.sleep(0.2)

if if_show:

for (key,value) in result_dict.items():

print("[+] IP : %s has %d opened port."%(key,value['count']))

for port in value['ports']:

print("-------> %5s | %s "%(port,port_service(port)))

os._exit(0)

我试过把scapy换掉，自己组报文用Raw Socket发，还是这么慢......